1 / 44

Elevate the security for all your cloud apps and services with the Microsoft CASB

Elevate the security for all your cloud apps and services with the Microsoft CASB. Kim Kischel Senior Product Marketing Manager Niv Goldenberg Principal PM Manager. BRK2158. @KimKischel. Identity & access management. Threat protection. Information protection. Security management.

shlomo
Télécharger la présentation

Elevate the security for all your cloud apps and services with the Microsoft CASB

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Elevate the security for all your cloud apps and services with the Microsoft CASB Kim Kischel Senior Product Marketing Manager Niv Goldenberg Principal PM Manager BRK2158 @KimKischel

  2. Identity & access management Threat protection Information protection Security management Enterprise-class security technology Microsoft Cloud App Security Microsoft Cloud App Security

  3. CLOUD SERVICES ARE KEY TO TODAY’S IT STRATEGIES • 75% • 1,181 different cloud services are used by enterprises on average of companies consider SaaS tools essentials to their business • 80% • 61% of workers use non-sanctioned cloud apps of cloud applications IT isn’t aware of

  4. CLOUD ACCESS SECURITY BROKERS By Cloud Access Security Brokers (CASBs) are defined by Gartner as: On-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security polices as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. 2020 85% of large enterprises will use CASBs

  5. TOP CASB USE CASES Box YouTube Twitter Office 365 AWS Facebook Dropbox Salesforce Azure Unsanctioned apps Cloud Threats Sanctioned apps Identify and mitigate malware activities Classify, label and protect sensitive information Assess if your cloud apps meet compliance Discover the cloud apps Govern discovered apps Control and monitor user sessions in real-time Detect insider threats and compromised accounts Corporate HQ Public/Home Wi-Fi External Users Unmanaged Devices

  6. 02 MICROSOFT CLOUD APP SECURITY

  7. MICROSOFT CLOUD APP SECURITY Natively integrated with Microsoft 365 and beyond

  8. CLOUD APP SECURITY IN THE MARKETPLACE Featured customers Featured 3rd party apps

  9. IGNITE ANNOUNCEMENTS Real-time session controls for Microsoft and on-premises apps Support for Microsoft apps in public preview including O365, VSTS and on-prem apps via AAD App proxy Cloud App Discovery with Windows Defender ATP Single click enablement that extends the discovery of cloud apps beyond your corporate network with traffic information from Windows 10 Enterprise 10 E5 machines Automatic detection and revocation of risky 3rd party apps Ability to detect and automatically revoke an app’s permission, when it is considered risky Automating enterprise workflows with Microsoft Flow Integrations with Microsoft Flow to provide centralized alert automation and orchestration of custom workflows using the ecosystem of connectors in Microsoft Flow. Expanding app discovery and lifecycle management with SWGs After announcing our integration with Zscaler, we’re expanding our partnerships to include iboss

  10. 03 DISCOVERY OF SHADOW IT

  11. Shadow IT Discovery Lifecycle • Safely adopting cloud apps • Continuous monitoring • Be alerted when new, risky or high volume apps are discovered in your environment for continuous monitoring and ongoing control over your cloud apps. Discover Shadow IT Identify which apps are being used in your organization. Phase 3 Phase 1 Phase 2 Evaluate and Analyze Discover and Identify Manage and Continuous monitoring Manage cloud apps Start managing cloud apps and leverage one of several governance actions such as Sanction, Unsanction, onboarding an app to AAD to leverage SSO, marking them for review or blocking them from your network. Identify the risk levels of your apps Understand the risk associated with discovered apps, based on more than 70 risk factors including, Security factors, industry- and legal regulations. Analyze usage Understand the usage patterns and identify high risk volume users. Evaluate compliance Evaluate whether the discovered apps meet the compliance standards of your organization against factors like GDPR or industry-relevant standards like HIPAA readiness.

  12. Demo

  13. Cloud Discovery with Windows Defender ATP (Preview) On and beyond corp network DiscoveryDiscover cloud usage across all locations (HQ, Branches, Remote..)  Enhanced visibility and investigationCorrelate between, user, machine and source IP, and dive into specific machines for advanced investigation and risk detection Seamless integrationOne-click Cloud Discovery deployment

  14. Extending the native integration with SWGs Risk based control over cloud app usageAutomatically sync unsanctioned apps from Cloud App Security to Zscaler and control user access Enhanced visibility into Shadow IT and riskPivot directly to Cloud App Security for comprehensive risk assessment and investigation Seamless integrationStream data directly from SWG to Cloud App security with no additional deployments

  15. 04 PROTECTING YOUR FILES AND DATA

  16. Comprehensive protection of sensitive data throughout its lifecycle—across devices, apps, cloud services, and on-premises Microsoft information protection solutions Discover Classify Protect Monitor Across Devices Apps Cloud services On-premises

  17. Demo

  18. Unified Data Classification Service • Unified labelling with Microsoft Information Protection • 90 built-in, sensitive information types you can choose from • Or configure custom sensitive information types (supports complex patterns with Regex, keywords and large dictionary)

  19. 05 REAL-TIME MONITORINGAND CONTROL

  20. Conditional Access 10TB Conditions Controls Machinelearning Allow access SessionRisk Users 3 Require MFA Devices Real timeEvaluation Engine Limit access Policies Location Deny access Effectivepolicy Apps Force password reset ******

  21. Real-time monitoring and control • Unique integration with Azure Active Directory • Monitor sessions and enforce app and data restrictions Context-aware session policies for any app Enforce browser-based “view only” mode for low-trust sessions. Classify, label, and protect on download. Gain visibility into unmanaged device activity. Restrict access to cloud apps and data based on user, location, device, and app (any SAML-based and OIDCS-based app, any OS). Simple deployment directly from your Azure AD portal. Leverages existing device management mechanisms, no additional deployment required

  22. Cloud App Security integrates with: • Azure Active Directory • Azure Information Protection • Microsoft Intune • to help protect any app in your organization. CONDITIONAL ACCESS APP CONTROL • Microsoft Azure Active Directory Seems good Seems bad MICROSOFT CLOUD APP SECURITY Analyze Session Risk Check user organization Check location Check device compliance with Intune Check user behavior Enforce Relevant Policies with Conditional Access App Control Require MFA and define session timeouts for unfamiliar locations Enforce read-only mode in applications for partner (B2B) users Monitor and alert on actions when user activity is suspicious Protect downloads from unmanaged devices with AIP BOX.US.CAS.MS

  23. CONDITIONAL ACCESS APP CONTROLReal-time monitoring and granular controls for user sessions Unique integration with Azure AD Conditional Access allows selective routing to MCAS based MCAS leverages Azure data centers across the world to optimize performance and user experience Enables powerful use-cases such as monitoring and controlling actions for business-to-business users or unmanaged devices • 58% • of workers have accidentally shared sensitive data to the wrong person

  24. Demo

  25. Conditional Access App Control for Office 365 and on-premises apps(Preview) • Support for Microsoft cloud services, including some of our most popular Office 365 apps • Support for Azure portal and Dynamics 365 coming later this year

  26. Native controls implementation in Azure AD • Simple deployment and native integration with Conditional Access, including built-in policies that can be configured directly within Azure AD

  27. 06 THREAT PROTECTION

  28. PROTECTING FROM CLOUD THREATS Malicious Insider Protect against disgruntled employees before they cause damage Rogue Application Identify rouge applications that access your data Data exfiltration Detect unusual flow of data outside of your organization Malware Detect malware in cloud storage as soon as it’s uploaded Ransomware Identify ransomware using sophisticated behavioral analytics technology Compromised Accounts Combat advanced attackers that leverage compromised user credentials

  29. Microsoft Cloud App Security – Detections across apps Unusual file share activity Unusual file download Unusual file deletion activity Ransomware activity Data exfiltration to unsanctioned apps Activity by a terminated employee Malware implanted in cloud apps Malicious OAuth application Multiple failed login attempts to app Suspicious inbox rules (delete, forward) Malicious use of a privileged user Indicators of a compromised session ! ! ! Malicious use of an end-user account Threat delivery and persistence Activity from suspicious IP addresses Activity from anonymous IP addresses Activity from an infrequent country Impossible travel between sessions Logon attempt from a suspicious user agent Unusual impersonated activity Unusual administrative activity Unusual multiple delete VM activity

  30. Demo

  31. Threat Protection Demo recap Built-in and custom detections Identity threats Risky and rouge apps Ransomware and malware Investigate and remediate Pivot on users, IP addresses, resources, activities and locations Automate and ad hoc remediation Suspend user sessions Require sign-in Revoke app access !

  32. Automatic detection and revocation of risky 3rd party apps Monitor app permissionsAuthorized by your users Define custom policies to alert on trending, new and risky apps in use Automatically revoke appsto the entire org or specific users and groups

  33. 07 CASB FOR CLOUD PLATFORMS

  34. CASB for Cloud Platforms Detection and investigation of anomalous admin behaviorIdentify anomalies in your cloud environment via advanced behavioral analytics. Pivot on users, IP addresses, resources, activities and locations Security posture assessment Analyze the security posture of you cloud platform and identify missing security configurations and controls. Unique integration with Azure Security Center Pivot to Azure Security Center to apply recommendation and remediate vulnerabilities.

  35. 08 ENTERPRISE INTEGRATION

  36. Enterprise Integrations External DLP solution​Integrate with existing DLP solutions to extend these controls to the cloud while preserving a consistent and unified policy across on-premises and cloud activities​ Export alert and activities to your SIEM Better protect your cloud applications while maintaining your usual security workflow, automating security procedures and correlating between cloud-based and on-premises events​ Automate processes via API or PowerShell​ Create your own applications using programmatic access to Cloud App Security data and actions through REST API endpoints

  37. Automated security workflow (preview) • Route alerts to ticketing system • ​ • Gather end user input for alert investigation • Get approval from SOC operator to execute action • Apply additional security controls

  38. Microsoft Cloud App Security licensing options Microsoft CAS CASB for any cloud app Office 365 CAS CASB for Office 365 CAS Discovery Discovery of Shadow IT EMS E5 Office 365 E5 AAD P1 (EMS E3)

  39. Get started with a free trial aka.ms/mcastrial Come meet us at booth BP5 in the Expo hall! Learn more about Microsoft Cloud App Security aka.ms/mcastech Join the conversation on TechCommunity! aka.ms/mcascommunity Stay up to date and subscribe to our blog! aka.ms/mcasblog Visit our Website aka.ms/mcas

  40. SESSION RECOMMENDATIONS: LIVE OR ON DEMAND • THR3030 - Shadow IT Discovery beyond the corporate network with Windows Defender ATP and Cloud App Security Tuesday, September 25, 3:25 PM - 3:45 PM, Hyatt Building Theater • BRK3241 - Enable Azure Active Directory Conditional Access to secure user access while unlocking productivity across Microsoft 365 Wednesday, September 26, 12:30 PM - 1:45 PM, Hyatt Regency Windermere • BRK3221 - Combat advanced cyber attacks with Microsoft Cloud App Security Wednesday, September 26, 2:00 PM - 2:45 PM, OCCC W414 • BRK3236 - Step up your identity infrastructure with a native CASB integration Wednesday, September 26, 3:15 PM - 4:00 PM, Hyatt Regency Plaza International I-K • THR2075 - Discover shadow IT and detect anomalies with O365 Cloud App Security Wednesday, September 26, 5:05 PM - 5:25 PM, Expo Theater #6 • BRK3105 - Monitor and control user sessions in real-time across your cloud apps with conditional access app control Thursday, September 27, 11:30 AM - 12:15 PM, OCCC W311 A-D

  41. QUESTIONS?

  42. Take the Microsoft Security challenge and win! Find kiosks with these signs in the Expo Hall, West Building in the Security area. Take the short survey to collect a button Collect all 4 buttons and win prizes! Identity & access management Security management Information protection Threat protection

More Related